Venmo, a mobile payment app popular among college students and recent grads, has security holes “you could drive a truck through,” according to an article posted on Slate this week. The report was largely based on one man’s story about how a grifter was able to steal $2850 from his account before he was ultimately reimbursed.

The fact that Venmo doesn’t offer two-factor authentication is indefensible, so I won’t defend it. But I’m also not going to delete the app off my phone and cancel my account.

In fact, I used Venmo last night — as I do fairly often — to reimburse my girlfriend for a magazine she bought for me because I didn’t have cash and it was the easiest way to pay her back. (Ostensibly I wanted the March issue of Vogue for the Apple Watch spread, but I was most interested in the cover story about Taylor Swift and Karlie Kloss.)

I’m not going to stop using Venmo because its security is actually appropriate for the service it provides. In fact, I think it’s much more likely that my insecure magnetic credit card will get swiped by an ATM skimmer or through a security breach at a store like Home Depot. It’s simply not worth giving up Venmo’s convenience. And based on the number of transactions I saw in my Venmo social feed from last night, my friends agree.

Sure, Venmo might not have FDIC or credit card consumer protections, but it is legally required to help its customers recover funds from unauthorized transfers. One of the scariest details in the Slate story is that you have two business days under Venmo policy to contact the company after you spot fraud in order to limit your liability to $50 — even if the fraudsters stole close to $3000 (Venmo’s monthly limit.) After that, you could lose up to $500.

But those scary-sounding consumer protections aren’t exclusively Venmo policy — they stem from federal policy that covers unauthorized transfers for debit cards as well as smartphone transaction services like PayPal and Chase QuickPay. It is likely no different than what your bank offers for electronic transfers.

Plus, it’s in Venmo’s interest to make sure its customers aren’t paying for fraudulent charges. Fraud is not part of its business model — in fact, fraud almost certainly leads to Venmo losing money, either because it has to pay or through bad PR. (If you’re a Venmo user who has had thousands of dollars stolen from you and you haven’t been made whole, I’d love to talk to you. Email me.)

Here’s the statement Venmo gave me:

At Venmo, our most important job is to protect our customers and provide a safe experience. We are continuously improving product and security measures but there is always more to do. We have teams dedicated to fraud prevention, customer support, and operations working tirelessly behind the scenes, and we always guarantee our users’ funds. Our customers put their trust in us and we take that responsibility seriously.

Just this morning, I changed the password on my account and immediately got an email from Venmo alerting me to the changes. It’s not perfect: A request to change email ended up sending a message requesting I verify the new email address, but nothing to my old one saying it had been changed.

One real issue is that Venmo’s support line is an email address and it doesn’t get back to customers quickly. Venmo clearly needs to improve that, but the fact that it doesn’t offer a phone line actually seems like a good thing to me, because it means a slick social engineer can’t get a call center employee on the line and sweet-talk him into giving up personal information.

Ultimately, I’m going to keep using Venmo for a few reasons:

All my friends are already using it. If I’m trying to pay someone back for, say, a beer at a bar, I usually don’t need to ask her to download an app.

It works and it’s easy — I’ve made hundreds of transactions and I haven’t had a problem yet. If I do, I feel confident in predicting that Venmo will eventually make it right.

When you link it to a bank account, it’s free to both pay people and cash out.

If you’re really worried about security, you can unlink your bank account, as some of my colleagues have done. I added a PIN to my Venmo app — locking it with my fingerprint on my iPhone — but that seems superfluous because you need my PIN to get access to the phone’s contents in the first place. And when Venmo introduces two-factor authentication, I’m going to turn that on too. But I’m going to keep using Venmo, and frankly, I’m going to keep publicly posting many of my transactions.*

*For the record, I’ve labeled many Venmo memos as “drugs,” but never actually for a transaction that included drugs.

5:40PM: This article has been corrected to clarify the emails that Venmo sends when account settings are changed.

ESPN pushed a big update to its flagship news app for iOS on Thursday. Now simply called ESPN — ditching the “Sportscenter” appellation — the app sports a new look, WatchESPN and ESPN Radio integration, and importantly for iPad-toting sports fans, it is a universal app that works on both phones and tablets running iOS.

It’s not that you couldn’t get scores from ESPN on an iPad before — the “Worldwide Leader” had a confusingly named and poorly-reviewed iPad app called ESPN ScoreCenter XL. But the company is following a new digital strategy, announced last fall, in which it is making cuts to its lineup of apps. Previously, the company had 45 different apps for various sports niches, including separate apps focusing on fantasy leagues, radio, and individual sports like soccer. Now, the game plan is to work on fewer, more individually personalized apps.

The design language in the new iOS app is a preview of what ESPN’s new website will look like when it re-launches on April 1st. The new design emphasizes performance and speed, and is divided into three main sections: A feed for scores, a feed for news, and a new section called Now that combines social media, quick commentary, and ESPN photos and videos. The iPad version of the app sticks your favorite team logos on the bottom right hand corner of the screen for easy access. Of course, the app will still push alert notifications for scores and game starting times.

You can listen to ESPN Radio in the app, but internal WatchESPN links for live sports or highlights will send you to that service’s dedicated app, although an ESPN executive told Gigaom’s Janko Roettgers that eventually you’ll be able to play WatchESPN content in the main ESPN app.

The question, however, is how effective the various platforms are at enforcing such actions for all of their users. The answer to this question lies in how these very same users choose to allow such threats to affect their devices. While code signing of apps is a tool that developers and app store operators can use, it is not always effective.

Code Signing Apps

Code signing is not new; it has been around since before mobile apps were as prevalent as they are today. Simply put, code signing is a means of identifying where a particular piece of software originated. Developers use a unique digital key to sign their software, and then register that key with a trusted digital signing authority. That trusted digital signing authority can then validate the key and certify that the software did in fact come from a particular developer.

Windows – On Windows, when you launch an application for the first time you may have seen error messages like “The Publisher could not be verified. Are you sure you want to run this software?” What this means is that either there is no code signing key associated with the software you are trying to use, or that no digital signing authority could verify which developer it came from. The problem is that most users will ignore the message and continue to launch the app anyway. Some have even modified their Security Settings to allow the launching of applications and unsafe files without being prompted by this message.

OS X – When Apple first launched the Mac App Store for apps on their OS X platform, a new default option was introduced in the System Preferences. Under Security and Privacy, users quickly learned that three Gatekeeper options now existed when it comes to determining what apps could be launched on a Mac: only apps downloaded from the Mac App Store, apps from identified developers, or apps from anywhere. Just like on Windows, OS X users are empowered to choose which apps they want to run on their Macs and even disable all warning messages when installing any app from anywhere.

Android – With Android, the option to install apps from unknown sources is not only an option that users can configure in their security settings, they are encouraged to do so by operators of Android App Stores outside of Google Play. The instructions on Amazon’s own Android App Store label the instruction as “Allow installation of apps from the Amazon Appstore.” Sounds friendly enough; however, users are instructed to allow apps to be installed from unknown sources: any unknown source, not just Amazon. While it is true that Android developers can sign apps before deploying them to devices, they don’t really have to. There are plenty of ways that developers can deploy apps to Android devices that do not require any level of code signing at all. Side-loading apps by tethering the device with a USB cable, downloading apps from web sites, or even installing apps from an attachment in an email message are some examples. While Google may have some control over Google Play, it does not control the Android platform as a whole.

iOS – The exception to this behavior lies in ensuring that the rule is always applied; by not giving users the option to turn it off. Apple, the trusted digital signing authority for iOS, has taken on the additional role of governing which developers are permitted to deploy apps onto iOS devices. On iOS there is no option to install native apps from any other source than Apple’s own iOS App Store (or an approved Enterprise App Store as outlined below). Without jailbreaking an iPhone, even developers cannot deploy apps that they are developing onto iPhones without Apple knowing about it.

Ad-hoc – One way this is done is by registering up to one hundred iOS devices with their Apple Developer Account. This requires developers to manage all one hundred of the devices’ UDIDs, or unique device identifiers. Once registered to their account, developers can then tether each device to their Mac and deploy the app directly from within Xcode. The one-hundred device limit is a hard limit; you cannot remove and add devices at will. Once a year you can clear all registered devices from your list of registered devices and start over again.

TestFlight – Apple recently announced that it will shut down TestFlight’s ability to deliver apps to registered devices via email, which is a move that will send many developers over to alternatives like HockeyApp. In its place Apple is now promoting a new TestFlight Beta Testing capability. Managed directly from within a tool known as iTunes Connect, this now allows developers to send out early releases of their apps to as many as one thousand devices without having to manage each device’s UDID. Not only does this increase in beta testers help developers manage their testing cycles better, it also makes managing the beta testing phase much easier.

App Store – The goal of most developers is getting their app into the App Store. This requires one to work through the intricacies of creating an AppID, TeamID, Distribution Certificate, and Provisioning Profile from within an Apple Developer account. Once this is completed, developers soon realize that the battle is only half over, as they then need to create an iTunes Connect account and register for an available App Record which is necessary to upload and submit your app for review. It never goes quite as planned the first time around and you end up spending a fair amount of time troubleshooting what step you missed. When all is said and done, you realize that you could actually make a career out of helping developers shepherd their apps through this process.

Enterprise – There are times when you want to develop apps that you never intend on deploying to the App Store, such as apps that you consider part of the intellectual property of your company and intend for use by employees of your company only. Even when this is the case, Apple still governs what apps can and cannot be deployed to some degree by continuing to manage the code signing process. This requires enrollment in Apple’s Enterprise Development program for $299 a year. Developers go through the same amount of hassle code signing their apps. This prevents third-party entities from creating their own public App Store for distributing apps. Companies can however deploy apps they develop exclusively to other businesses.

Known as B2B distribution, this is only possible if the company that the app is being deployed to has an internal means of managing app distribution. They must have their own Enterprise App Store. When this is the case, enterprise deployment is the way that apps get code distributed to devices under the management of an MDM solution like MobileIron, Apperian or AirWatch.
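The signing chain from the “Code Signing Apps” section and the three launch settings listed under OS X can be modeled in a short script. This is an added example, not code from the article or from any platform vendor: the keys are constructed toy RSA keys (unpadded, built from small Mersenne primes so it runs on the standard library alone), and the certificate fields, the `kind` labels and all function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(p, q):
    """Textbook RSA key from two primes. Constructed and tiny: illustration only."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    # Unpadded hash-then-RSA; real code signing uses padded schemes and real keys.
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

# Constructed keys (Mersenne primes), one per role in the article's description.
AUTHORITY = make_key(2**521 - 1, 2**127 - 1)  # the trusted digital signing authority
DEVELOPER = make_key(2**89 - 1, 2**61 - 1)    # an independent developer
STORE = make_key(2**107 - 1, 2**31 - 1)       # the platform's own app store

def cert_bytes(subject, kind, n):
    return f"{subject}|{kind}|{n}".encode()

def issue_cert(subject, kind, public_n, issuer=AUTHORITY):
    """The issuer vouches that public_n belongs to subject (hypothetical format)."""
    return {"subject": subject, "kind": kind, "n": public_n,
            "sig": sign(issuer, cert_bytes(subject, kind, public_n))}

def package(code, key=None, cert=None):
    return {"code": code, "cert": cert, "sig": sign(key, code) if key else None}

def signer_kind(app):
    """Return the certified signer kind, or None if any link in the chain fails."""
    cert = app["cert"]
    if cert is None or app["sig"] is None:
        return None                      # unsigned
    body = cert_bytes(cert["subject"], cert["kind"], cert["n"])
    if not verify(AUTHORITY["n"], body, cert["sig"]):
        return None                      # the authority never vouched for this key
    if not verify(cert["n"], app["code"], app["sig"]):
        return None                      # code changed after it was signed
    return cert["kind"]

# The three user-selectable settings the article lists for OS X.
POLICIES = {
    "store_only": {"store"},
    "identified_developers": {"store", "developer"},
    "anywhere": None,  # no check at all
}

def may_launch(app, policy):
    allowed = POLICIES[policy]
    return True if allowed is None else signer_kind(app) in allowed

def demo():
    code = b"print('hello')"
    dev_cert = issue_cert("Example Dev", "developer", DEVELOPER["n"])
    store_cert = issue_cert("Example Store", "store", STORE["n"])
    # A developer vouching for itself as "store": not signed by the authority.
    self_cert = issue_cert("Example Dev", "store", DEVELOPER["n"], issuer=DEVELOPER)
    apps = {
        "store app": package(code, STORE, store_cert),
        "developer app": package(code, DEVELOPER, dev_cert),
        "tampered app": dict(package(code, DEVELOPER, dev_cert), code=code + b" # modified"),
        "unsigned app": package(code),
        "self-issued cert": package(code, DEVELOPER, self_cert),
    }
    return {name: {p: may_launch(app, p) for p in POLICIES} for name, app in apps.items()}

if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:18}", row)
```

Under `anywhere`, the tampered, unsigned and self-certified packages launch exactly like the properly signed ones, which is the article's point about settings that users can switch off.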

There has always been a polarization among the users of the internet of things: those that understand and can manage the internet of things, and those who cannot. This phenomenon can in part be defined by those among us that can scan a QR Code and those of us who have tried and failed.

The modern-day equivalent of a blinking clock on a VCR, QR codes elude the majority of us. Just as we all recognized what the clock was for on a VCR, we all have the notion that a QR code contains information, a link perhaps, that can be used on the internet to gain access to even more information. But knowing what it is used for does not mean you know how to use it. How to scan it.

The problem with QR codes is not that they don’t work. They are very identifiable and just about everyone knows that you need to scan them. More and more we will see how QR codes can be used to do more than just provide a link to a web site as part of an advertising campaign. The problem that remains is that not everyone knows how to get them to work: how to scan or even create them. And that is just where the following apps can help:

Traditional Uses of QR Codes

RedLaser – Focused more on being a shopping assistant, RedLaser (Free, iPhone) is an app that will take a scanned QR code and search an online database to see what the QR code could possibly mean. Utilizing a collection of millions of products, RedLaser specializes in helping you compare prices of the products you are looking for, search for coupons leading you to the best deals online, and oftentimes providing access to comments and reviews related to the product. It will even help you create shopping lists from your scan history that you can easily share with others.

QR Reader – With the ability to actually create a wide variety of different QR Codes directly on the device, QR Reader (Free, iPhone) is a full featured QR code app. More of a utility knife when it comes to creating and scanning QR codes, QR Reader also has the ability to scan words you see in the camera in addition to QR codes. Simply point the scanner at the word you are interested in, swipe your finger across the word and it will convert the image of the word to text. It can also scan QR codes from images you have stored in your camera roll. The free version of the app is ad-based, but you can remove the ads through a $0.99 in-app purchase.

Scan – With more of an online business focused presence, Scan ($1.99, Universal) helps you track the usage of all of the QR codes you create. One of the best new features that it has to offer is its ability to create a QR code for your local Wi-Fi network. Simply go to the scan.me web site, review the list of QR codes that are best for you, and choose the Wi-Fi option. You can then create a QR code that makes it easier to share your public Wi-Fi settings with family and friends that come over to visit. It also does a decent job of scanning and keeping a history of the QR codes you do scan. In fact, its simplified interface makes scanning and using QR codes about as easy as it can possibly be.

Unique Uses of QR Codes

Coke Freestyle Flavors – You may have noticed that your choice in beverage flavors at your favorite fast food restaurant has increased dramatically. The Coca-Cola company has been rolling out a new era in soda fountains. If you look a little closer, you will see that many of Coca-Cola’s new FreeStyle soda machines also have a little QR code on them (bottom right corner of the machine if it is there). Using their Coca-Cola Freestyle (Free, iPhone) app, you can customize your drink options even further by creating your own mix of flavors. You can add up to three different flavors and choose the proportions to create your own unique flavor; for example, ten percent Sprite, twenty percent Fanta zero raspberry, and seventy percent Hi-C orange (don’t judge me).

Hive Bitcoin Wallet – Bitcoin is a person to person way to exchange money at a very low cost. If you use bitcoin to exchange money, you will have what is referred to as a Bitcoin wallet. QR codes have been one of the primary means of identifying and sharing the identity of your Bitcoin wallet. Hive (Free, Universal) is a Bitcoin wallet app that uses QR codes to share your wallet identity with others. You display your wallet’s QR code on one screen, and the camera on your friend’s phone can be used to scan it. No need to write an IOU anymore.

Snapchat Snaptags – While it has the spirit of the original QR codes, Snapchat’s (Free, iPhone) new Snaptags feature allows you to quickly add family, friends and colleagues to your contact list with ease. It has a unique style to the way that the code is created, looking more like a generic avatar than something you would see on the assembly line in an automobile factory. You can even post your Snaptag online and share your contact information. Print it out on your business card or flyer when you are going to a trade show or event to quickly grow your contact list.

It has certainly been an interesting month for messaging apps in the U.S.

Around the same time the New York Times penned its zeitgeist proclamation that messaging apps like Snapchat will become hubs of content and commerce like China’s WeChat, we learned from Comscore that these apps have plateaued in the U.S. in terms of growth. The companies are still attracting new users, but the rate of adoption is slowing in the 18+ crowd.

Right on schedule, Snapchat launched its Discover media feature this week, showcasing content from companies like CNN and Vice in a big departure from its former chatting focused strategy. Was Snapchat leaving messaging behind?

Kik CEO Ted Livingston, one of Snapchat’s biggest messaging competitors in the U.S., has been wondering the same thing. Although the app is ranked sixth in U.S. social networking apps by iOS download, and 26th in apps overall, Kik is also struggling from a slowdown in growth.

I caught up with Livingston to get his take on what’s happening in the U.S. messaging app world, what he thinks of Snapchat’s Discover tool, and whether a “WeChat of the West” is still possible. What follows has been edited for length, order, and clarity.

I can tell you from Kik’s perspective, we’re not growing as fast in the U.S. as we were in the past. I can tell you it’s not bullshit. We were very relieved to see [the Comscore data]. We were thinking maybe there’s something wrong with just us, but it’s everyone. Hey internet are you listening? Messaging has peaked!

What do you think is happening? Is messaging not actually the future of social media?

App adoption in general is plateauing in the U.S. On top of that smart phone adoption has plateaued in the U.S.

Chat in the West is a commodity. When a 15-year-old kid says, ‘Can we chat on Kik mom?’ Mom is like, ‘No, why would I?’

For us that’s where the [WeChat-like] platform play starts making sense. Once you have critical density among youth and you have these non-commodity services on top of chat, teens will bring in everyone else they know. They’ll bring in parents because they need to buy something for them, or a friend because they need them to plan events. The platform may become a ticket to the rest of the demographic.

So that’s where the future growth will come from?

Yes.

How does the plateau impact your plans in the present?

In a world where we are the only one plateauing, then we have the worst strategy. We’ve got to figure out how to keep up with everyone else.

When everyone is plateauing the question is what do we do now?

On that note, what do you think of Snapchat’s Discover? Is this the beginning of its big WeChat play?

Now it’s less about connecting with your friends as following brands. I’m like, ‘Oh shit, they’re just becoming a media company?’

Some have argued that media is just their first step in becoming a portal to other experiences, like gaming or personal budgeting apps.

I would say it’s definitely a step to becoming a platform…a broadcast platform (as opposed to a messaging platform). Snapchat started somewhere in between Kik and Instagram: private broadcast. But with the Stories feature they have gone more and more towards broadcast. So they are now a broadcast tool.

What is the best content to go from a broadcast tool to broadcast platform? To me it’s media. Makes complete sense.

Did you see that coming?

I did not, that’s not what I would’ve done. To me it’s very relieving because it takes some pressure off us. A messenger by itself is extremely difficult to monetize and it always has been in history. On the other side it’s brutally simple to figure out how to monetize a broadcast network like Instagram, Twitter, Facebook, and now Snapchat.

Maybe [Snapchat] has a great answer [with Discover] but it takes them further away from being the operating system that WeChat has been.

Mobile analytics firm App Annie released a report on app trends on Wednesday that sorts out what kind of software people downloaded on their phones and tablets in 2014. The answer: Facebook-owned apps, including Facebook, Facebook Messenger, WhatsApp and Instagram, were the four most-downloaded apps worldwide when combining iOS and Android downloads in 2014, according to the report.

Because App Annie doesn’t put games and apps in the same category, the global list doesn’t include titles like Candy Crush Saga or Subway Surfers, which might account for more total downloads than Facebook’s utilities. But Facebook’s performance is still impressive, and an indication that the company’s multiple-app strategy might be a success. On the other hand, most of Facebook’s homegrown apps — such as Paper, Groups and Rooms — do not show up on any other top charts provided by App Annie. Facebook purchased both Instagram and WhatsApp.

The top app worldwide in terms of revenue in 2014 was Line, a Japanese-based messaging service popular in parts of Asia. Its sibling gaming app, Line Play, clocked in at number three in terms of worldwide iOS and Google Play revenue. (Pandora was second.) On the gaming side, Clash of Clans generated the most revenue, although fellow freemium sensation Candy Crush Saga was the most downloaded.

In a reminder of why both Google and Facebook want to break into China, neither company placed a single app in the top ten iOS apps either in terms of revenue or downloads, because neither company widely offers its services in China. The Chinese app leaderboards are filled with apps from Chinese web companies like Tencent, Alibaba and Baidu.

Reflecting the fact that China is quickly becoming the biggest market for iOS devices, App Annie found that China generated the third most revenue for iOS among countries in 2014, taking the third-place spot from the United Kingdom. Japan ended up being the country that generated the most revenue for Android developers during the period. Games remained the most downloaded category of apps across countries.

The single most downloaded app in the United States in 2014 was Facebook Messenger, thanks to Facebook requiring its users to download a separate app to use the service. Pandora Radio was the most downloaded music app in the United States, landing at the fourth most downloaded app excluding games, and number one in terms of getting people to pay.

App Annie reported that there were more Google Play app downloads than iOS app downloads, but iOS apps still brought in significantly more revenue. Google Play accounted for 60 percent more downloads than iOS, but iOS apps generated 70 percent more revenue.

Facebook is serious about spreading its service to people in countries without fast cellular networks or cutting-edge smartphones. Its new Android app, Facebook Lite, which isn’t available in the United States or Europe, is targeted at people with poor internet service or who are limited to 2G networks.

Facebook Lite clocks in at a 252KB download — about one hundredth the size of Facebook’s main Android app, which is around 25MB depending on your device. The app is based on the software that Facebook on feature phones uses, but it sports Android-specific features like push notifications and camera uploads. Unlike Facebook’s main app, Facebook Lite also includes Facebook Messenger.

This isn’t the first version of Facebook targeted at developing countries — Facebook previously used the “Facebook Lite” moniker in 2009 for a similarly stripped-down version of its website found on the web at lite.facebook.com. Facebook shut that site down in 2010.

In addition to lightweight versions of Facebook for Android, Facebook continues to adapt its service to feature phones without browsers as part of the Facebook Zero project. As part of the Facebook-led Internet.org program, Facebook and Facebook Messenger don’t count against users’ data caps in regions of Zambia. Plus, Facebook owns WhatsApp, which is the most popular messaging service in many developing nations.

Facebook Lite is only available in eight countries to start. People in Bangladesh, Nepal, Nigeria, South Africa, Sudan, Sri Lanka, Vietnam and Zimbabwe with certain Android devices can download it from Google Play now.

Facebook’s director of global connectivity Chris Weasler spoke at Gigaom’s Structure Connect conference in 2014, telling a story about how Facebook employees reworked the Facebook app to make it 50 percent lighter on data usage after finding out they could barely use the service on Nigerian networks.

On mobile devices, screenshots end up in the camera roll alongside your other photos, even though a screenshot is a completely different type of image than a photograph. Screenshots are something you saw on your screen that you want to keep, whether it’s an ill-advised Facebook message you think is going to get deleted later, or your high score on Flappy Bird.

A new app from San Francisco and Beijing-based Landscape Mobile, simply called Screenshots, wants to be the go-to spot for collecting and sharing screenshots on your iPhone. It’s not the first screenshot manager, but the app hopes to go beyond simply organizing screenshots. With promised features like finding links embedded in screenshots, Screenshots wants to actually use the information contained in a screenshot to make users’ lives easier.

“A screenshot is like a photo of your digital life,” Founder Yue Zhuge said. “Screenshots are not a regular image. People don’t care about the visual aspect of a screenshot, they care about the information.”

The Screenshots app automatically takes all the screenshots from your camera roll and organizes them by the app they depict — so screenshots of Facebook are all in a single menu, for instance. Not only does that make it easier to delete or share, say, several Instagram screenshots at once, but it’s also an interesting organized look at the content you once thought was worth keeping. It can’t identify all apps, though, and sticks anything it doesn’t recognize in an “other” folder. Unfortunately, that category includes most games. The app also doesn’t require an update or sync. Screenshots should show up in the app as soon as you take them.

One handy feature is that Screenshots can strip the user interface from around an image in a screenshot, which is an easy way to “re-gram” Instagram photos other people posted. The developers offered an example in which a user can grab an image and link from Facebook and post it to Pinterest using Screenshots.

“We’re seeing if images can be used as a bridge between apps on mobile,” Zhuge said.

Screenshots can extract English text using an OCR process after uploading the screenshot to the cloud. The app also can extract the link from certain screenshots, so if you have a grab of a friend’s Facebook post, the app should be able to pull the link out of the image. It’s a trick that the same developers have used before in an app called Sight — which went a little farther, and acted a bit like a screenshot-based Instapaper by pulling full articles from text found in screenshots.

It sounds useful, especially considering the rise of the “screenshort” as a way to share a passage of text on social media. Unfortunately, Screenshots doesn’t work flawlessly yet. When analyzing screenshots, I found the app was reading the top bar of my iPhone screen included in the screenshots, so transcriptions invariably started with “AT&T LTE” and the time. I also had trouble getting Screenshots to recognize the links my friends posted on Facebook.

It’s too bad because I think Landscape Mobile could be on to something by pulling out interesting data from a screenshot. Some days my camera roll is positively filled with screengrabs, usually text. Screenshots is currently a great way to save, organize, and share them, but doesn’t yet fulfill its promise to extract the rich information inside.